What to do when CA or certificate expires



  • Hello,

    I have a few hundred users connecting to an OpenVPN running on my pfSense.

    Just wondering, what would happen if the deployment lasts forever and I get close to the expiration date of the CA or user certificates?

    Would there be a way to renew the CA or user certificates?  Would there be a way to renew the CA or certificates if they did expire?



  • @ttblum:

    Hello,

    I have a few hundred users connecting to an OpenVPN running on my pfSense.

    Just wondering, what would happen if the deployment lasts forever and I get close to the expiration date of the CA or user certificates?

    Would there be a way to renew the CA or user certificates?  Would there be a way to renew the CA or certificates if they did expire?

    Not sure I am understanding the question. My guess would be: if the certificates expire you will have to generate new ones and install them in the clients.

    I'm sure I wrote something noobly stupid just now  ;D



  • You'll have to re-issue certs to clients at that point.



  • Ok.  My CA expires many years earlier than my user certificates expire.  I'm assuming I'll have to reissue the certificates when my CA expires?


Log in to reply